• About Us
  • Contact
  • DMCA
  • Home
  • Privacy Policy
  • Terms and Conditions
Tech Vigil
No Result
View All Result
No Result
View All Result
Tech Vigil
No Result
View All Result
Home Data Security

Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Ronnie Daniels by Ronnie Daniels
March 1, 2023
in Data Security
0
Michigan Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

On December 28, 2018, Michigan followed the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law in the shape of Michigan H.B. 6491 (Act). By doing so, Michigan joins Ohio and South Carolina as the 0.33 country to undertake the Model Law and the fifth nation – in conjunction with Connecticut and New York – to have enacted cybersecurity guidelines targeted on coverage organizations. See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500. (Please see our earlier coverage for extra statistics on Ohio and South Carolina’s adoption of the Model Law). Moreover, adoption of the Model Law continues to be gaining steam, with Rhode Island probably next in line.

Michigan’s Act, which adds chapter 5A to Michigan’s Insurance Code, seeks to set up “the different requirements applicable to licensees for information protection, the research of a cybersecurity occasion,” and sure regulatory notifications. MCL § 500.550. The Act defines licensees as people authorized, registered, or certified underneath Michigan insurance laws or required. MCL § 500.553(g). This means all insurers, groups, and brokers doing business in Michigan are included. By contrast, reinsurers domiciled outdoor of Michigan, in addition to danger retention corporations and buying agencies chartered and certified in every other kingdom, are excluded from the Act. Id.

Article Summary show
The Act requires licensees to:
Private Action Provisions
FOIA Protections
Exclusive State Cybersecurity Standards
Dedicated Customer Notice Provisions
Good Faith Acquisition Safe Harbor
Ten Day Reporting Requirement
Additional Safe Harbor for In-State Licensees

The Act requires licensees to:

Develop, put into effect, and hold a comprehensive information safety application that consists of administrative, technical, and bodily safeguards to shield nonpublic statistics and the licensee’s information device within one year of the powerful date of the Act; Perform a threat assessment that includes determining the appropriateness of enforcing protections such as multifactor authentication, ordinary penetration trying out, and encrypting information at relaxation; Develop a proper incident response plan to reply to a cybersecurity occasion as described;

Require third-party service companies to implement security measures to protect and cozy any facts systems and personal information by using January 20, 2023; Report data breaches to the Superintendent inside ten (10) commercial enterprise days after willpower that a cybersecurity event has come about; Certify compliance to the Insurance Department Director by way of filing a written declaration, and Retain for five years all records supporting the certificate of compliance for inspection by the Superintendent. While the Act largely tracks the Model Law, it departs from it in several substantial respects:

Private Action Provisions

The Act expressly forecloses the possibility that its adoption creates or implies a private reason of movement for violating its provisions. However, it no longer “curtail a private reason of action that could exist in any other case” below Michigan regulation. MCL § 500.550.

FOIA Protections

The Act specifies that any documents furnished to NAIC or other third-celebration representatives are not a problem to the kingdom’s freedom of statistics act, subpoena, or discovery in a non-public action. MCL § 500.664(6).

Exclusive State Cybersecurity Standards

Similar to Ohio’s regulation, the Act “establishes the specific standards, for this nation, relevant to licensees for information safety, the research of a cybersecurity occasion, and notification to the director.” Id. The Act provides additional protection for reinsurers, mentioning that they do not have country word responsibilities out of doors of those distinctive under the Act. MCL § 500.560(6). Of course, the Act does no longer supersede federal privateness or facts security legal guidelines, inclusive of HIPAA.

Dedicated Customer Notice Provisions

While the Model Act assumes that customer observes obligations can be equivalent to those required below the country’s preferred statistics breach notification regulation, the Act creates enterprise-specific necessities. MCL § 500.561. In specific, the Act requires observing a cybersecurity occasion to any kingdom resident unless there’s an inexpensive dedication that the event “has no longer or is not in all likelihood to motive sizeable loss or damage” or bring about identification robbery. Id. Such word should be provided “without unreasonable postpone.” MCL § 500.561(b)(four).

In addition to this primary requirement, the Act’s consumer word provisions also offer for the following: Written observe as well as the digital note, phone word or “substitute” notice (i.E. Website posting or word to statewide media) wherein particular conditions are met; Reasonable delay of notice where it’s far important for remediation efforts, or if the delay is asked via regulation enforcement or national security company; Notification to nationwide credit organizations where observe is required to more than 1,000 citizens, and It provides a safe harbor for licensees challenge to and who comply with the consumer observe requirements of HIPAA and guidelines promulgated thereunder.

Good Faith Acquisition Safe Harbor

The Act excludes from its definition of cybersecurity occasion the unauthorized access to records with the aid of a person performing in “exact religion” and in a manner “related to the sports of the character.” MCL § 500.553(c)(ii)(A-B). The Act, for that reason, makes a specialty of the one’s breaches due to 0.33 events maximum possibly to be concentrated on touchy records for nefarious purposes. Like the Model Law, the Act excludes any nonpublic information that becomes encrypted from the definition of a cybersecurity event. MCL § 500.553(c)(i).

Ten Day Reporting Requirement

Association

In a circulate that is extra generous than the seventy-two-hour requirement of the Model Law and the three business days requirement of Ohio’s law, the Act requires a licensee to file a cybersecurity incident to the Department inside “ten commercial enterprise days” after a dedication that one has passed off. MCL § 500.559(1).

Additional Safe Harbor for In-State Licensees

Compared to the Model Act, the Act affords an extra safe harbor for Michigan-primarily based licensees, requiring a document most effective. The cybersecurity occasion has an affordable probability of materially harming a customer or the licensee’s operations. MCL § 500.559(a)(iii). The Model Act affords this safe harbor handiest for out-of-state licensees.

Previous Post

A New Year and a New Approach to State Data Breach Legislation

Next Post

Health Data Security: The Most Promising Technologies

Next Post
Health Data Security: The Most Promising Technologies

Health Data Security: The Most Promising Technologies

No Result
View All Result

Today Trending

Cell cellphone use a factor in morning collisions
Cell Phone

Cell cellphone use a factor in morning collisions

by Ronnie Daniels
March 7, 2023
Two Stanford faculty elected to the National Academy of Engineering
Computers

Two Stanford faculty elected to the National Academy of Engineering

by Ronnie Daniels
March 8, 2023
Where to Find Presidents Day Laptop Deals
Laptops

Where to Find Presidents Day Laptop Deals

by Ronnie Daniels
March 18, 2023
Light-Based Comersput Could Work five,000 Times Faster
Computers

Light-Based Comersput Could Work five,000 Times Faster

by Ronnie Daniels
December 21, 2022
Cell Phone app protection
Cell Phone

Cell Phone app protection

by Ronnie Daniels
February 28, 2023

Popular Post

Plugin Install : Popular Post Widget need JNews - View Counter to be installed

About Us

TechVigil is the best website where You can get daily update on internet stuff just like digital Marketing, mobile and tech also many more so subscribe our newsletter to never miss any update from us.

Contact Us: admin@techvigil.org

Editior’s Picks

  • MacBook Pro Wifi No Hardware Installed
  • How to use windows 11 repair tool
  • Enjoy Movies and Games with Logitech Computer Speakers

Newsletter

  • About Us
  • Contact
  • DMCA
  • Home
  • Privacy Policy
  • Terms and Conditions

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • About Us
  • Contact
  • DMCA
  • Home
  • Privacy Policy
  • Terms and Conditions

© 2023 JNews - Premium WordPress news & magazine theme by Jegtheme.